Domain controllers weight and priority values: How to check them with PowerShell

Active Directory’s domain controller installation process creates several Service Records (SRV) in the DNS Server. The SRV records are used by the Windows clients and applications to find a suitable domain controller in the Active Directory forest. Active Directory clients contact local DNS Server to get a list of domain controllers. However, when returning a list of domain controllers, the DNS Server might return a list of domain controllers based on the priority and weight assigned to the SRV records of the domain controllers. By default, domain controllers weight are configured at 100 and a priority of 0. Since all the domain controllers weight and priority are configured the same, a DNS Server can return a list of all available domain controllers based upon the type of query.

The heavier-weight domain controllers are referred more often and lowest priority domain controllers are set first in the list. For example, if a domain controller is assigned with a weight of 200 and the other domain controllers are configured with a weight of 100, the domain controller that is assigned with a weight of 200 is referred often. If a domain controller is configured with a priority of 0 and the other domain controllers are configured with a different priority, the domain controller assigned with lowest priority will receive all authentication requests unless it is unavailable.

Why change domain controllers weight and priority?

In most of the cases, the default domain controllers weight and priority work for all environments. However, you might want to change the default weight and priority of domain controllers based upon your requirements. For example, if a domain controller has more capacity to handle the authentication requests than the other domain controllers, you might want that domain controller to be referred often. Similarly, you might want to designate a domain controller to handle authentication requests coming from some AD applications. Though it is not necessary to change the default weight and priority of domain controllers, many Active Directory admins do modify SRV priority and weight for some special purposes as explained above.

In this article, we are going to provide a PowerShell script that can help you collect the weight and priority configured for all domain controllers in an Active Directory Forest.

Requirements

Please make sure to run the script from a Windows Server 2012 R2 member server or domain controller. You must also install DNS Server tools from Server Manager. Note that the script provided in this article uses Get-DNSServerResourceRecord PowerShell cmdlet, which is installed as part of DNS Server Tools. Apart from installing the DNS Server Tools, make sure to create a folder by name “C:\Temp” on the computer from where you will run the script. You also need to change the PDC Server name and Active Directory domain name in the script before executing the script.

Once you have met above requirements, copy the below script in a PS1 file and execute it from an elevated PowerShell window.

Once you have executed above PowerShell script, a report by name SRVPWReport.CSV will be generated under C:\Temp folder on the computer from where you ran the script. The report includes the domain name, Domain Controller name, AD Site, SRV record, Weight and Priority assigned to the SRV record of the domain controller and final status indicating whether the priority and weight of SRV record contain any value other than the default values. This is also shown in the screenshot below:

Please note that the script connects to all domain controllers in an Active Directory domain, connect to PDC Emulator of the domain, collects SRV records from the _MSDCS zone, and then collects SRV weight and priority assigned to the domain controllers. As you can see in the report above, the script identified that one of the SRV records of the DC1.TechGenix.com domain controller is configured with a different weight value. As you can also see in the report, the script reported a message in the Final Status that the particular SRV record of that domain controller needs to be checked.

This script is part of PowerShell-based Dynamic Packs that ship with the Active Directory Health Profiler, which you can use to perform a complete health check of an Active Directory forest. There are 99 health checks included in the AD Health Profiler.

By using the PowerShell script provided in this article you can collect domain controllers weight and priority values for all SRV records. You can include the PowerShell script in your Active Directory health procedure to ensure domain controllers are configured with required priority and weight values.

Photo credit: Shutterstock

Post Views: 7,197

Featured Links

Read Next

Nirmal Sharma

Nirmal Sharma is a MCSEx3, MCITP and was awarded the Microsoft MVP award in Directory Services and Windows Networking. He specializes in Microsoft Azure, Office 365, Directory Services, Failover Clusters, Hyper-V, PowerShell Scripting and System Center products. Nirmal has been involved with Microsoft Technologies since 1994. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles on various sites.

2 Comments

else : The term 'else' is not recognized as the name of a cmdlet, function, script file, or operable program. Check
the spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\Users\gas\Desktop\DCpriority.ps1:49 char:1
+ else
+ ~~~~
+ CategoryInfo : ObjectNotFound: (else:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

There is a single closing bracket missing just before else in line 49.
Should be four of them
}
}
}
}
else
{
$ThisSTR = $ThisDomain+",Error Connecting to PDC in this domain."
$ErrorOrNot = "Yes"
Add-Content "$TestCSVFile" $ThisStr
}

Featured Freeware

Recommended

Follow Us

Domain controllers weight and priority values: How to check them with PowerShell

TECHGENIX

TechGenix reaches millions of IT Professionals every month, and has set the standard for providing free technical content through its growing family of websites, empowering them with the answers and tools that are needed to set up, configure, maintain and enhance their networks.